Hi Philippe, On Thu, Feb 19, 2026 at 8:26 AM Philippe Reynes <[email protected]> wrote: > > Adds tests to check that the function sw_ecdsa_verify > using mbedtls is valid. > > Signed-off-by: Philippe Reynes <[email protected]> > --- > v2: > - little change to only use test with sha enabled > > test/lib/Makefile | 1 + > test/lib/sw_ecdsa.c | 465 ++++++++++++++++++++++++++++++++++++++++++++
Please rename the file to 'ecdsa.c'. > 2 files changed, 466 insertions(+) > create mode 100644 test/lib/sw_ecdsa.c > > diff --git a/test/lib/Makefile b/test/lib/Makefile > index f25383a40e5..8837446968b 100644 > --- a/test/lib/Makefile > +++ b/test/lib/Makefile > @@ -8,6 +8,7 @@ obj-$(CONFIG_$(PHASE_)UT_COMPRESSION) += compression.o > ifeq ($(CONFIG_XPL_BUILD),) > obj-y += abuf.o > obj-y += alist.o > +obj-$(CONFIG_ECDSA_MBEDTLS) += sw_ecdsa.o > obj-$(CONFIG_EFI_LOADER) += efi_device_path.o efi_memory.o > obj-$(CONFIG_EFI_SECURE_BOOT) += efi_image_region.o > ifdef CONFIG_RISCV > diff --git a/test/lib/sw_ecdsa.c b/test/lib/sw_ecdsa.c > new file mode 100644 > index 00000000000..431b44af596 > --- /dev/null > +++ b/test/lib/sw_ecdsa.c > @@ -0,0 +1,465 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright (C) 2026 Philippe Reynes <[email protected]> > + */ > + > +#include <command.h> > +#include <image.h> > +#include <test/lib.h> > +#include <test/test.h> > +#include <test/ut.h> > +#include <crypto/ecdsa-uclass.h> > +#include <crypto/internal/sw_ecdsa.h> > + > +#include <mbedtls/ecp.h> > + > +struct ecdsa_test_vector_s { > + char *test_name; > + char *curve_name; 'const char *' for both names. > + unsigned char *x; > + unsigned char *y; > + int size_bits; > + unsigned char *hash_type; > + unsigned char *hash_message; > + unsigned char *k; The 'k' is unused throughout the code, please remove it from the structure and all the test vectors. > + unsigned char *r; > + unsigned char *s; > + int expected; > +}; > + > +/* > + * Those data come from RFC6979 > + */ > + > +struct ecdsa_test_vector_s ecdsa_test_vector[] = { > + /* > + * secp192r1 > + */ > + { > + .test_name = "secp192r1 sha1", > + .curve_name = "secp192r1", > + .x = "AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56", > + .y = "3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43", > + .size_bits = 192, > + .hash_type = "sha-1", > + .hash_message = "sample", > + .k = "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021", > + .r = "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF", > + .s = "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64", > + .expected = 0, > + }, > + { > + .test_name = "secp192r1 sha256", > + .curve_name = "secp192r1", > + .x = "AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56", > + .y = "3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43", > + .size_bits = 192, > + .hash_type = "sha-256", > + .hash_message = "sample", > + .k = "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496", > + .r = "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55", > + .s = "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85", > + .expected = 0, > + }, > + { > + .test_name = "secp192r1 sha384", > + .curve_name = "secp192r1", > + .x = "AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56", > + .y = "3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43", > + .size_bits = 192, > + .hash_type = "sha-384", > + .hash_message = "sample", > + .k = "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311", > + .r = "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5", > + .s = "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E", > + .expected = 0, > + }, > + { > + .test_name = "secp192r1 sha512", > + .curve_name = "secp192r1", > + .x = "AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56", > + .y = "3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43", > + .size_bits = 192, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1", > + .r = "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8", > + .s = "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67", > + .expected = 0, > + }, > + { > + .test_name = "secp192r1 sha512 error", > + .curve_name = "secp192r1", > + .x = "AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56", > + .y = "3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43", > + .size_bits = 192, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1", > + .r = "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8", > + .s = "0F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67", > + .expected = MBEDTLS_ERR_ECP_VERIFY_FAILED, > + }, > + /* > + * secp224r1 > + */ > + { > + .test_name = "secp224r1 sha1", > + .curve_name = "secp224r1", > + .x = "00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C", > + .y = "EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A", > + .size_bits = 224, > + .hash_type = "sha-1", > + .hash_message = "sample", > + .k = "7EEFADD91110D8DE6C2C470831387C50D3357F7F4D477054B8B426BC", > + .r = "22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC", > + .s = "66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69", > + .expected = 0, > + }, > + { > + .test_name = "secp224r1 sha256", > + .curve_name = "secp224r1", > + .x = "00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C", > + .y = "EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A", > + .size_bits = 224, > + .hash_type = "sha-256", > + .hash_message = "sample", > + .k = "AD3029E0278F80643DE33917CE6908C70A8FF50A411F06E41DEDFCDC", > + .r = "61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA", > + .s = "BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101", > + .expected = 0, > + }, > + { > + .test_name = "secp224r1 sha384", > + .curve_name = "secp224r1", > + .x = "00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C", > + .y = "EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A", > + .size_bits = 224, > + .hash_type = "sha-384", > + .hash_message = "sample", > + .k = "52B40F5A9D3D13040F494E83D3906C6079F29981035C7BD51E5CAC40", > + .r = "0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953", > + .s = "830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D", > + .expected = 0, > + }, > + { > + .test_name = "secp224r1 sha512", > + .curve_name = "secp224r1", > + .x = "00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C", > + .y = "EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A", > + .size_bits = 224, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = "9DB103FFEDEDF9CFDBA05184F925400C1653B8501BAB89CEA0FBEC14", > + .r = "074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397", > + .s = "A4CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084", > + .expected = 0, > + }, > + { > + .test_name = "secp224r1 sha512 error", > + .curve_name = "secp224r1", > + .x = "00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C", > + .y = "EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A", > + .size_bits = 224, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = "9DB103FFEDEDF9CFDBA05184F925400C1653B8501BAB89CEA0FBEC14", > + .r = "074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397", > + .s = "04CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084", > + .expected = MBEDTLS_ERR_ECP_VERIFY_FAILED, > + }, > + /* > + * secp256r1 > + */ > + { > + .test_name = "secp256r1 sha1", > + .curve_name = "secp256r1", > + .x = > "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6", > + .y = > "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299", > + .size_bits = 256, > + .hash_type = "sha-1", > + .hash_message = "sample", > + .k = > "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4", > + .r = > "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32", > + .s = > "6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB", > + .expected = 0, > + }, > + { > + .test_name = "secp256r1 sha256", > + .curve_name = "secp256r1", > + .x = > "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6", > + .y = > "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299", > + .size_bits = 256, > + .hash_type = "sha-256", > + .hash_message = "sample", > + .k = > "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60", > + .r = > "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716", > + .s = > "F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8", > + .expected = 0, > + }, > + { > + .test_name = "secp256r1 sha384", > + .curve_name = "secp256r1", > + .x = > "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6", > + .y = > "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299", > + .size_bits = 256, > + .hash_type = "sha-384", > + .hash_message = "sample", > + .k = > "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4", > + .r = > "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719", > + .s = > "4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954", > + .expected = 0, > + }, > + { > + .test_name = "secp256r1 sha512", > + .curve_name = "secp256r1", > + .x = > "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6", > + .y = > "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299", > + .size_bits = 256, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = > "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5", > + .r = > "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F00", > + .s = > "2362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE", > + .expected = 0, > + }, > + { > + .test_name = "secp256r1 sha512 error", > + .curve_name = "secp256r1", > + .x = > "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6", > + .y = > "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299", > + .size_bits = 256, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = > "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5", > + .r = > "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F00", > + .s = > "0362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE", > + .expected = MBEDTLS_ERR_ECP_VERIFY_FAILED, > + }, > + /* > + * secp384r1 > + */ > + { > + .test_name = "secp384r1 sha1", > + .curve_name = "secp384r1", > + .x = > "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC13", > + .y = > "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720", > + .size_bits = 384, > + .hash_type = "sha-1", > + .hash_message = "sample", > + .k = > "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7", > + .r = > "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2", > + .s = > "A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443", > + .expected = 0, > + }, > + { > + .test_name = "secp384r1 sha256", > + .curve_name = "secp384r1", > + .x = > "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC13", > + .y = > "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720", > + .size_bits = 384, > + .hash_type = "sha-256", > + .hash_message = "sample", > + .k = > "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60", > + .r = > "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD", > + .s = > "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0", > + .expected = 0, > + }, > + { > + .test_name = "secp384r1 sha384", > + .curve_name = "secp384r1", > + .x = > "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC13", > + .y = > "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720", > + .size_bits = 384, > + .hash_type = "sha-384", > + .hash_message = "sample", > + .k = > "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9", > + .r = > "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE46", > + .s = > "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8", > + .expected = 0, > + }, > + { > + .test_name = "secp384r1 sha512", > + .curve_name = "secp384r1", > + .x = > "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC13", > + .y = > "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720", > + .size_bits = 384, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = > "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3", > + .r = > "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709", > + .s = > "512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5", > + .expected = 0, > + }, > + { > + .test_name = "secp384r1 sha512 error", > + .curve_name = "secp384r1", > + .x = > "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC13", > + .y = > "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720", > + .size_bits = 384, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = > "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3", > + .r = > "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709", > + .s = > "012C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5", > + .expected = MBEDTLS_ERR_ECP_VERIFY_FAILED, > + }, > + /* > + * secp521r1 > + */ > + { > + .test_name = "secp521r1 sha1", > + .curve_name = "secp521r1", > + .x = > "01894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A4", > + .y = > "00493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5", > + .size_bits = 521, > + .hash_type = "sha-1", > + .hash_message = "sample", > + .k = > "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9", > + .r = > "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D", > + .s = > "00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16", > + .expected = 0, > + }, > + { > + .test_name = "secp521r1 sha256", > + .curve_name = "secp521r1", > + .x = > "01894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A4", > + .y = > "00493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5", > + .size_bits = 521, > + .hash_type = "sha-256", > + .hash_message = "sample", > + .k = > "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0", > + .r = > "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7", > + .s = > "004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC", > + .expected = 0, > + }, > + { > + .test_name = "secp521r1 sha384", > + .curve_name = "secp521r1", > + .x = > "01894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A4", > + .y = > "00493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5", > + .size_bits = 521, > + .hash_type = "sha-384", > + .hash_message = "sample", > + .k = > "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211", > + .r = > "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451", > + .s = > "01F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61", > + .expected = 0, > + }, > + { > + .test_name = "secp521r1 sha512", > + .curve_name = "secp521r1", > + .x = > "01894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A4", > + .y = > "00493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5", > + .size_bits = 521, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = > "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3", > + .r = > "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA", > + .s = > "00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A", > + .expected = 0, > + }, > + { > + .test_name = "secp521r1 sha512 error", > + .curve_name = "secp521r1", > + .x = > "01894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A4", > + .y = > "00493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5", > + .size_bits = 521, > + .hash_type = "sha-512", > + .hash_message = "sample", > + .k = > "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3", > + .r = > "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA", > + .s = > "00017CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A", > + .expected = MBEDTLS_ERR_ECP_VERIFY_FAILED, > + }, > +}; All '.expected = MBEDTLS_ERR_ECP_VERIFY_FAILED' above should be changed to U-Boot error code, as I commented in your patch [2/9], we should map all MbedTLS internal error code to U-Boot error code. > + > +int ecdsa_test(struct unit_test_state *uts, struct ecdsa_test_vector_s *tv) static int ecdsa_test(struct unit_test_state *uts, const struct ecdsa_test_vector_s *tv) > +{ > + struct ecdsa_public_key pubkey; > + unsigned char x[528 / 8]; > + unsigned char y[528 / 8]; > + unsigned char hash[512 / 8]; > + unsigned int hash_len; > + unsigned char signature[528 / 8 * 2]; > + unsigned int sig_len; > + int ret; > + > + if (!(tv->size_bits % 8)) > + sig_len = tv->size_bits / 8; > + else > + sig_len = tv->size_bits / 8 + 1; > + > + pubkey.curve_name = tv->curve_name; > + hex2bin(x, tv->x, strlen(tv->x) / 2); Please check the return value of hex2bin(), same for all below. > + pubkey.x = x; > + hex2bin(y, tv->y, strlen(tv->y) / 2); > + pubkey.y = y; > + pubkey.size_bits = tv->size_bits; > + > + if (!strcmp(tv->hash_type, "sha-1")) { > +#if CONFIG_IS_ENABLED(SHA1) > + hash_len = SHA1_SUM_LEN; > + sha1_csum_wd(tv->hash_message, strlen(tv->hash_message), > + hash, hash_len); The last arg of 'sha*_csum_wd()' is the watchdog chunk size, not the hash output length. Passing hash_len here happens to work (small chunk), but it is semantically wrong. Please use 0 (no watchdog) or a proper chunk constant. Same for all 'sha*_csum_wd()' below. > +#else > + /* sha1 is not supported so we skip this test */ > + goto out; > +#endif > + } else if (!strcmp(tv->hash_type, "sha-256")) { > +#if CONFIG_IS_ENABLED(SHA256) > + hash_len = SHA256_SUM_LEN; > + sha256_csum_wd(tv->hash_message, strlen(tv->hash_message), > + hash, hash_len); > +#else > + /* sha256 is not supported so we skip this test */ > + goto out; > +#endif > + } else if (!strcmp(tv->hash_type, "sha-384")) { > +#if CONFIG_IS_ENABLED(SHA384) > + hash_len = SHA384_SUM_LEN; > + sha384_csum_wd(tv->hash_message, strlen(tv->hash_message), > + hash, hash_len); > +#else > + /* sha384 is not supported so we skip this test */ > + goto out; > +#endif > + } else if (!strcmp(tv->hash_type, "sha-512")) { > +#if CONFIG_IS_ENABLED(SHA512) > + hash_len = SHA512_SUM_LEN; > + sha512_csum_wd(tv->hash_message, strlen(tv->hash_message), > + hash, hash_len); > +#else > + /* sha512 is not supported so we skip this test */ > + goto out; > +#endif > + } else { > + ut_reportf("Unknown hash type (%s)", tv->hash_type); > + goto out; > + } > + > + memset(signature, 0, sizeof(signature)); > + hex2bin(signature, tv->r, sig_len); > + hex2bin(signature + sig_len, tv->s, sig_len); > + sig_len = sig_len * 2; > + > + ret = sw_ecdsa_verify(&pubkey, > + hash, hash_len, > + signature, sig_len); > + ut_asserteq(tv->expected, ret); > + > + out: > + return 0; > +} > + > +static int lib_sw_ecdsa(struct unit_test_state *uts) > +{ > + int i, num_test = ARRAY_SIZE(ecdsa_test_vector); > + > + for (i = 0; i < num_test; i++) > + ecdsa_test(uts, &ecdsa_test_vector[i]); Please check the return code here, or change ecdsa_test to void (Seems that it always returns 0). Regards, Raymond > + > + return 0; > +} > + > +LIB_TEST(lib_sw_ecdsa, 0); > -- > 2.43.0 >
